|
|
|
|
|
|
|
|
|
|
|
|
|
Recently, almost everyone's email inbox was clogged with messages generated by computers infected with the Sobig.F Windows virus. We saw unwanted messages with Subject lines like:
UVM's email system detected over 40,000 infected messages on Tuesday, August 19, and removed the infected attachments before delivering the messages to our inboxes. (On a typical day, the email system used to cleanse about 1,200 infected messages.)
Because users of UVM's email system found it more and more time consuming to manually delete such an unprecedented volume of useless messages, Computing and Information Technology modified the email system to remove messages infected with this virus rather than delivering disinfected messages to our inboxes. Messages are dropped based on the names of the attachments, not on the Subject lines, to guard against deleting legitimate messages.
In the first 22 hours after implementing the change, over 48,000 infected messages were filtered out.
How many people worldwide were infected by Sobig.F? At least one million on the first day alone, dwarfing the previous record held by the Klez virus. How many who get all of their email through the UVM email system were infected by Sobig.F? Zero. That's because UVM recently started blocking attachment file types that are likely to be used to propagate viruses and worms. So even in the critical first hours of the Sobig.F outbreak, while we were waiting for Symantec to provide us with protection, UVM's email gateway was preventing the virus from entering our inboxes.
Many of us have also noticed an increase in the number of email delivery error notices. This occurs because a computer infected with Sobig.F sends out hundreds of infected emails with forged "From" addresses. If we're unlucky enough to be the user of one of the forged addresses, we'll get error notices when virus-generated messages can't be delivered. This isn't something that can be remedied by the email system; we each will have to delete these secondary Sobig.F effects manually.
To protect your computer against Sobig.F and other viruses, please always run up-to-date virus protection software, and avoid use of non-UVM mail services that don't scan messages for viruses. UVM's site-licensed Symantec Antivirus software is free for downloading from: http://www.uvm.edu/software
For more information, please see: http://www.uvm.edu/cit/antivirus/
Please address questions or concerns to CIT at information.technology@uvm.edu.
Many email users were astonished to discover that virus writers had misappropriated their email address (and name!) to distribute the Sobig.f virus. Others have been disturbed to receive spam (some of it pornographic) from a colleague at UVM -- or even themselves! Some have suspected that their own computer had been accessed or that our institution's network security had been compromised. But it is neither of these -- it is simply a falsified ("forged") email return address.
How can this happen?
Falsifying an email return address is similar to, and almost as simple as, writing another person's name and address in the upper left of a stamped, addressed envelope and dropping it in a mailbox. Fortunately, most people are honest and would never do such a thing. Of course, there is also the risk of getting caught...
How can I prove that the email did not come from me?
Without a digital signature there is not much for hard proof. But since it is so easy to forge return address, there is also little or no proof that such email did come from you. Fortunately, unlike the Postal Service, Simple Mail Transport Protocol (SMTP) records routing information in normally invisible headers. These headers provide some information about where the email address originated and how it got to its destination. While it will not tell you exactly who falsified the return address, it will usually allow you to identify the Internet domain and internet protocol (IP) address of the originating computer. The method for seeing these headers vary from one email program to another. For example, in Eudora, you can click on "blah blah"; in Webmail, click on "Message Source".
Reading the headers takes a bit of knowledge of SMTP and the internet protocol (IP), but with a little effort most folks can read headers well enough to figure out if the email actually came from UVM. Hint: read headers from last entry up.
For example, last week many people at UVM and elsewhere received a "thank you" email ostensibly from a legitimate UVM email address. However, viewing full headers revealed:
Return-Path: <lyman.ross@uvm.edu>
Received: from interferon.uvm.edu (interferon.uvm.edu [132.198.101.244])
by zoo.uvm.edu (8.12.9/8.12.9) with SMTP id h7K8odLX068126
for <rlawson@zoo.uvm.edu>; Wed, 20 Aug 2003 04:50:49 -0400
From: "Lyman B. Ross" <lyman.ross@uvm.edu>
Received: from in-mailgw.uvm.edu ([132.198.101.185])
by interferon.uvm.edu (NAVGW 2.5.2.17) with SMTP id M2003082004505019680
for <rlawson@zoo.uvm.edu>; Wed, 20 Aug 2003 04:50:50 -0400
Received: from CCSD221 (ccsd1000.srs.state.vt.us [159.105.100.221])
by in-mailgw.uvm.edu (8.12.9/8.12.9) with ESMTP id h7K8ombE024291
for <rlawson@zoo.uvm.edu>; Wed, 20 Aug 2003 04:50:48 -0400
Reading the headers from the bottom up, we see this message actually originated from a Sobig.f infected computer at the State of Vermont:
Received: from CCSD221 (ccsd1000.srs.state.vt.us [159.105.100.221])
This does not "prove" who actually sent the email, but it does clearly identify the network location from which it was sent. Digital signatures (below) hold out promise for helping prove who actually has sent and received email.
See Reading Email Headers for more information.
Why do people falsely attribute email?
There are a number of common reasons. Spammers and virus writers are two of the most likely perpetrators. They create bogus addresses or misappropriate legitimate addresses because:
Virus writers commonly write programs that access the infected machine's address book or email folders (inbox, sent mail, etc.) to collect addresses to spread a virus to. Using existing correspondents' addresses, the virus sends email from an address that is likely to be familiar to the recipient -- thereby increasing the likelihood that recipients will trust the source and open the infected attachment. The Sobig.f virus went one step further by selecting return addresses in this fashion -- thus making it somewhat more difficult to track down the infected computers.
Isn't fraudulent attribution of email against the law?
Many people think it should be, but setting a falsified return address, per se, is not against the law. Of course, fraud is, but that is more difficult to prove, it takes time, expertise, and no small amount of legal muscle to track down and sue/prosecute the perpetrators. But it can be done. Amazon.com has recently taken 11 spammers to court for "spoofing" their email address.
Some law makers have introduced legislation (see reading list) that would require every email message to have a legitimate return address. Others have opposed this legislation for a variety of reasons, including:
However, no one has argued that making viruses somewhat harder to distribute would be a problem, and this latest example of abuse is likely to increase interest in appropriate legislation and enforcement. In any case, no enforceable laws restricting falsified return addresses are currently on the books (as far as we know).
What can be done?
Legislation & Law Enforcement: While there are few laws governing email per se, much spam content and all viruses are already against the law. Though some clearer, more specific legislation is in order, more aggressive law enforcement may be the ultimate need.
Improved Internet Email Security: One of the reasons Internet email (Simple Mail Transfer Protocol or SMTP) has been so successful is that it is open and relatively simple. Regretfully, this also means it is easy to abuse. There are ways to make Internet email more secure, but they're not widely implemented or easy to use. For example, to make privacy enhancements for Internet mail (PEM) workable, one needs digital signatures, for which institutions and corporations must implement a public key infrastructure [PKI, see email security and middleware articles in prior IT News issues]. It also requires that both the sender and recipient have email programs that support encryption. And, of course, both the user and all his/her correspondents must know how to use the infrastructure. While the demand for a solution has increased (because of abuse), the technology deployment hasn't quite caught up with the need.
Authenticated SMTP: Note that the PEM does not prevent people from forging email addresses; it simply allows you and your correspondents to have some confidence that email using this infrastructure has not been tampered with and actually came from the person in the return address. One possible measure to reduce email forgery is to require that email senders use authenticated SMTP (i.e. require an account/password to send email) and enable email recipients to refuse unauthenticated email. UVM supports authenticated SMTP, but not every email program at UVM supports authenticated SMTP. Even if everyone at UVM used authenticated SMTP, it would not reduce the amount of spam and viruses since the spammers and virus writers would be unlikely to use authenticated SMTP unless they were somehow forced to. The more Internet service providers (ISPs), institutions and corporations that require authenticated SMTP, the harder it will be for spammers and virus writers to send email with falsified return addresses. At some point, when the use of authenticated email becomes the rule, we maybe able to choose to accept only email that has been authenticated. That could take a while...
Further reading
Q: UVM hosts a lot of electronic mailing lists about a variety of topics. How do I find ones that interest me?
A: The public ones are listed on the Web at Archives, but the private ones are closed to a certain group of people who need to know.
Q: Okay, but how do I find a list on a certain topic?
A: You can always use the alphabetical index of archived lists. However, finding lists among hundreds in the archives can be an arduous process. To simplify your search, we have implemented listserv gateways for two areas:
Information Technology (IT)
Student Interests (academic, cultural, athletics and others)
These Web pages allow you join the lists you like with the click of a button. You can still join these lists individually, but the gateway pages should help you find the ones you want and join them easily.
To make finding lists of interest easier, they are organized into subcategories. For example, on the IT lists gateway you'll currently see:
Q: Is there any way to browse for past messages sent to the list? I might want to look at the previous discussions before joining.
A: Yes, you can click on the name of the list in the archives index, such as uvmwindows, and you will be taken to that list's message archives. In addition to giving you a better idea of how the list is used, you can get a sense of how active the list is.
You can find the Listserv Gateways at:
Click on the appropriate sidebar item: "IT Mailing Lists" or "Student Mailing Lists". If you are interested in sponsoring additional gateways, please contact John Ryder
Despite the fact that UVM has a state-of-the-art Cisco firewall and best-of-breed virus protection, we (and other universities) are especially subject to the latest spate of viruses and worms. While our firewall protects computers attached to the campus network, it cannot protect computers that go home with students, faculty and staff. When these systems, many of which will be infected with viruses contracted through Internet service providers (ISPs), are brought back to campus, they immediately begin attempting to spread them to other vulnerable Windows systems from inside the firewall.
Note that the Blaster worm does not require email to spread -- you need not open an attachment for your computer to be infected, you need only connect your vulnerable Windows computer to a network where an infected computer is actively spreading the virus. Infections can roll through a campus network like a wildfire.
But CIT, Residential Life and other IT staff have not been just waiting around wringing our respective hands. We have taken many proactive steps to prevent a network disaster and the resulting personal productivity interruptions:
The last item, blocking network propagation of Blaster, is possible because UVM installed sophisticated network equipment in the residence halls last year. If that hadn't been done, we could be in the situation found at other schools, where entire residence hall networks have been shut down. This action is a safety net of sorts -- it should give us breathing room to let people use the network with low risk of infection, while all Windows 2000/XP users run the software fixes to protect their computers.
A great deal of effort has been made to limit the impact of this blocking. The switches have been programmed to allow connections to widely used services (www.uvm.edu, library.uvm.edu and others). Nonetheless, unintended consequences are possible. The blocking will be removed once the vulnerable Windows computers have been patched.
There will certainly be new viruses and new Windows vulnerabilities discovered and exploited. Raising awareness now about the importance of virus protection software and automatically installing Windows updates will help reduce risks and infection rates in the long run. In the short term, much has been done to protect us all from the most threatening known exploits -- Blaster and its variants, and Sobig.F.
The cooperation among all campus groups in taking all these steps to avert catastrophe has been nothing short of fantastic. If anyone has ideas for further steps we could take, let's talk!
-Dean Williams
UVM's Network Services offers a secure and managed wireless networking solution that features an authentication system in conjunction with wireless infrastructure management tools. Cat's PAWS coverage territory has been significantly expanded during the summer. Look for the Cat's PAWS signs that are currently being distributed to identify coverage areas:
To get connected, you will need:
Locations (effective 9/4/03)
If your area is not covered, UVM Network Services will help plan out the desired wireless coverage area and deploy wireless access to ensure optimum network performance. Users find it beneficial to receive the combined wired and wireless service that provides the high speed of wired network service and the mobility of wireless service. Cat's PAWS wireless access can be installed for $17/month per 10,000 square feet of coverage, which includes UVM Network Services support (security, management, consulting, network monitoring).
For more information call Network Services (802-656-8888). For help setting up and using your computer with the Cat's PAWS network, bring your laptop to CIT's walk-in help hours, Monday through Friday from 2 to 4 PM at Microcomputer Services, 211 Waterman.
Things You Need To Know
Enterprise-sized wireless networks such as Cat's PAWS are different from the wireless access you may have at home. Home wireless typically has a single access point and little if any security.
Cat's PAWS users should not assume the network allows unlimited mobility while connected. If the Cat's PAWS signal becomes weak as you move from one access point area to another, the security features of the network may terminate your connection and require you to re-authenticate.
If you allow your laptop to hibernate or sleep for an extended period of time, Cat's PAWS may also require re-authentication.
To avoid unintended loss of connectivity, we recommend that you gracefully terminate your connection before moving to a different area or allowing your laptop to hibernate for an extended period of time.
Wireless Policies
Wireless access points should only be installed by UVM Network Services. Students, staff and faculty may not allow a third-party provider to supply access on campus or install their own access points. If you suspect an unauthorized access point is interfering with your Cat's PAWS service, please contact Lynne.Meeks@uvm.edu.
The currently deployed 802.11b uses the unlicensed 2.4GHz spectrum, which is used by other wireless devices. Some devices that cause known conflicts include 2.4GHz cordless phones and some microwave ovens. In order to minimize interference and assure the highest level of service to the wireless users, Network Services recommends minimizing the use of these devices in Cat's PAWS areas.
Patricia
Ainsworth
Director, Telecommunications & Network Services
Internet Bandwidth
UVM has recently increased our Internet bandwidth by 38%. We now have a total of 90Mbps of bandwidth from Verizon and Telcove (formerly Adelphia Business Solutions). Traffic is shared equally between the two carriers and is carrier on separate facilities providing a high level of survivability if one carrier should have a failures. This upgrade was necessary to keep pace with increased demand from students, faculty and administrative units.
Internet 2 Bandwidth
UVM Network Services has increased the Internet 2 bandwidth by 29% to 45Mbps with service provided by Telcove. UVM is investigating ways to partner with other Vermont educational institutions to expand Internet 2 in Vermont. Internet 2 is available to everyone on the UVM network. I2 is used for research and academic activities, and to carry some traffic that would otherwise travel on the commodity Internet connections.
Trinity Campus Now On-line!
During the summer telephone, data and cable TV service to the Trinity campus was upgraded. This major construction project, managed by UVM Architecture and Engineering, was completed on time and will provide services consistent with those on main campus. A new conduit system was constructed to connect Trinity campus to the main UVM campus and was designed with capacity to satisfy present and future technology needs. Service in the five Residential Halls is completed, and the final configuration of services in the academic and administrative buildings will be completed when the occupants of these spaces are identified.
Given Network Upgrade
UVM Telecom and Network Services has upgraded network services in Given Building. This project included the construction of new Telcom Rooms, the installation of high-speed Cisco data switches, the installation of new CAT 6 wiring and the retermination of data and voice jacks. Users will enjoy 100 Mbps of data at each data port. Funded by the College of Medicine, this project will significantly improve network performance as required to support the new on-line learning applications, COMIS.
Last year Network Services, with funding from Residential Life, replaced all network electronics for all student rooms (except Trinity which was updated this summer). In addition to providing much improved performance and reliability, the new electronics have features that have made the containment of certain viruses and worms practical. UVM will be using these facilities to help students protect their own computers. See article.
This fall students living in Residence Halls will have new telephone numbers. In the past roommates shared a phone number and the associated voicemail. Starting with the Fall semester students will have their own telephone numbers beginning with 542 instead of 656. Each student will also have a private voicemail box that can be accessed from any phone. Students will keep the same telephone numbers as long as they live on campus. These numbers will move with them when students update their campus address rooms through Residential Life.
Callers on campus can reach these new numbers by dialing the last 5 digits only, as they do with all 656 numbers. Students' residence hall telephone number can be found on line in UVM People , and the soon to be published paper UVM Telephone Directory will also have the new 542 numbers.
New More Robust Cable TV (CATV) Jacks
Substantial progress was made to convert the CATV jacks in the Residence Halls to a new configuration that will reduce accidental damage. This new configuration required technicians to drill and rewire terminations in each room of the Residence Halls and will significantly reduce outages and maintenance expenses.
Patricia
Ainsworth
Director, Telecommunications & Network Services
Email Server Enhancements
CIT Technical Support Group has been actively working on deploying a new email cluster this summer. We've designed a cluster of 9 Linux servers which will provide high speed imap, pop, smtp, and webmail services. This cluster should be ready for production by mid fall. Hardware is being configured now, and the cluster is getting ready for it's first round of testing users.
We've also purchased and installed another 3.5 terabytes of storage for the Zoo cluster. This storage will be used for email, websites, file sharing, general research storage, and home directories. It brings the total storage on the Zoo cluster to about 9 terabytes.
PureMessage Spam Rating and Tagging Implemented
Beginning in late June, the PureMessage system starting tagging messages on their likelihood of being spam. See the PureMessage article in the summer IT News or CIT Web pages on spam. We'll also be updating the email virus scanner, since PureMessage also scans for viruses. Mike Austin
Many computer labs and classrooms have seen updates and equipment replacements this summer. Where feasible, Windows labs have been upgraded to Windows XP Professional -- with the latest security patches -- and Macintoshes have been updated to MacOS X 10.2 (Jaguar).
Waterman Computer Labs & Classrooms
Network Enhanced
The network servicing the computer lab and classrooms in 113 Waterman area have been upgraded to provide higher speeds and future capacity. Early this summer, Network Services rewired the lab with new category 6 (CAT6) Ethernet cabling. In addition to allowing each computer to have a dedicated 100 mbps connection to the network, this cabling is designed to support gigabit speeds over copper in the future. The Cat's PAWS wireless network is also available throughout 113 Waterman.
Windows Computers Replaced
All Windows computers in the main 113 lab and the 113Q classroom have been replaced with new Dell Optiplex Pentium 4 GX270 Windows XP workstations which include 17" flat panel monitors. The complete suite of standard software is available for use by all UVM affiliates.
Instructors should note that due to Windows XP security considerations, it is not possible for instructors or students to install software on the 113 Waterman computers. If software is needed beyond that included in the standard image, please see lab manager David Houston at least 4 weeks before beginning of the semester your class will be held. Any software that needs to run on these machines must be well-tested and not require Windows XP "administrator" priviledges.
Software Enhancements
All Macintosh computers have been upgraded to OS X Jaguar. All of the standard software components are in place. The 113-T teaching lab also has most of the latest image and multimedia development software.
Note that access to any of the workstations in the Waterman lab requires, as it has for many years, a network ID (aka, zoo ID) and password. There is a dedicated kiosk in the main lab that allows UVM affiliates to activate network ids, change passwords, reset a forgotten passwords, and enable accounts for "domain" logins.
Other Computer Labs & Classrooms
School of Natural Resources Lab Upgrades
In collaboration with the School of Natural Resources, there is a new Macintosh lab, with a dozen 17" iMacs, running MacOS X. And the Spatial Analysis Lab's Windows XP computers have updated software, including S+.
Arts & Sciences Lab Upgrades
In a new collaboration, the College of Arts and Sciences and CIT have co-funded upgrades for computer labs in Biology, Communications Sciences, Music, and the Language Resource Center. The Geography lab Windows computers have received security patches.
ALANA Lab Upgrades
In Blundel House, CIT has co-funded new Windows XP computers. These are Dell GX270 workstations with 17" Flat Panel monitors.
Morrill Lab Upgrades
Windows XP systems have been updated and security fixes applied.
Outgoing Computers
Residential Life and CIT have collaborated to place computers being removed from upgraded labs into residence halls. As a result of this program, several new labs have been established on the Trinity campus. ALL old Windows 98 units have been converted or are being converted to Windows XP, so there will be no CIT supported or imaged labs with Windows 98 in them. New and updated clusters include:
Classroom Computers
Instructor's stations have been replaced or upgraded to Windows XP Professional over the summer in several classrooms:
The classroom in Lafayette 309, which is equipped with a laptop computer for each student, has been re-configured for the fall semester. The instructor's station and two accessible (ADA) stations have been upgraded from Dell G1s to GX110s. The laptops have been reduced to 30 after careful evaluation of all remaining laptops; only the most reliable were retained. All computers in this room are running Windows 2000.
Dean Williams
CIT Assistant Director for Client Services
Here are some of the projects CIT Media Resources [aka Classroom Technology] has completed this summer:
*For details, including definitions of classroom technology Levels I, II & III, please see http://www.uvm.edu/cit/media/?Page=CRTecLvl.html.
Jim Whitby
Media Services / Classroom Technology
CIT has upgraded the server software used to stream digital video files for RealMedia, QuickTime, and Windows Media Player
CIT Streaming Media Services were first initiated on October 29, 1997, with the live "web-casting" of WRUV-FM, the University's radio station, via RealAudio and the then free-ware RealNetworks Basic Server. In February 1999, CIT purchased (at considerable expense) a fully licensed version of this software, good for up to 200 simultaneous viewers. Installation of Apple's QuickTime streaming server software followed in July, 1999, which made possible the first transatlantic Internet debate as detailed here:
http://www.uvm.edu/news/?Page=News&storyID=1882&FieldValue=quicktime
The latest upgrades have been applied to both of these services: the QuickTime Stream Server (QTSS) has been updated to version 4.1.3, while the RealServer has been updated to the Helix Universal Server.
The Helix Universal Server will allow streaming of audio and video in a wide variety of formats, including RealMedia, QuickTime, and Windows Media Player. For the first time CIT is providing a solution for streaming Windows Media content. With this installation, our license has changed somewhat, too -- from a limit of 200 simultaneous viewers to a limit of 20 mbs (megabits per second) total bandwidth; i.e., 20 users all watching a high bandwidth one megabit per second video, or 200 users watching a more modest DSL/cable-friendly 100 kilobit per second video. For comparison, this video of President Fogel's inauguration is recorded at 998 kbs (almost 1 mbs, although it may play at much less than that depending upon your Internet connection) while this edition of "Beyond the Green" with Will Mikell and Daniel Fogel clocks in at 80 kbs.
The Helix software is hot off the presses and only just installed, so we don't have too much experience with all of its capabilities. Nonetheless, we're excited to begin exploring them. Keep abreast of the latest developments at http://www.uvm.edu/cit/streamingmedia/, or contact wesley.wright@uvm.edu to arrange a consultation.
The UVM (Virtual) Digitization Center (UVMDC) is interested in exploring how the University can coordinate and develop its ongoing digitization efforts. UVMDC includes members from the Libraries, Fleming Museum, Perkins Geology Museum, Art, and Computing and Information Technology.
This summer, the UVMDC began to explore a couple of Open Software initiatives; in particular, the GreenStone Project and DSpace.
Greenstone is produced by the New Zealand Digital Library Project at the University of Waikato, and developed and distributed in cooperation with UNESCO and the Human Info NGO. It is open-source, multilingual software, issued under the terms of the GNU General Public License. Locally, it can be found at http://weasel.uvm.edu/cgi-bin/library.
DSpace is a groundbreaking digital library system to capture, store, index, preserve, and redistribute the intellectual output of a university's research faculty in digital formats. Developed jointly by MIT Libraries and Hewlett-Packard (HP), DSpace is now freely available to research institutions world-wide as an open source system that can be customized and extended. It is installed locally at http://weasel.uvm.edu:8080/dspace.
If you are a UVM affiliate and would like to join our conversation about creating digital collections, collaborating in digitization projects, establishing UVM best practices for creating these collections, and exploring how these collections can be integrated into teaching and learning at UVM and beyond, please subscribe to the UVMDC list.
The music industry won a major victory in April. Copyright
holders can now force Internet service providers (ISPs), like UVM, to
turn over the names and addresses of subscribers -- students --
suspected of sharing copyright-protected music. Copyright
holders, like the Recording Industry Association of America (RIAA),
have been suing people who illegally share music and movies for some
time, and some students have had their life savings wiped out.
But students were afforded some protection because schools, including
UVM, typically would not reveal the names of students sharing music,
even when RIAA or the Motion Picture Association of America (MPAA)
filed a complaint.
What's different now is that it's much easier for RIAA and MPAA to
identify the offenders, and they're going after hundreds of people a
week. In a nutshell, it works like this:
What happens once you're sued is anyone's guess. Some cases
have been
settled out of court, but the law allows a
minimum penalty
of $750 per song.
Here are some ideas for staying out of trouble. This
information applies to any student or employee using a UVM network
connection.
So far, the industry appears not to have targeted people who only download. Instead, people who share music or video with others (intentionally or not), are being sued. Most file sharing programs automatically share your media library with the world.
Don't install file sharing programs, and remove them if you've already installed them. You may need help from a clean-up program like SpyBot or Ad-Aware to really rid your computer of some sharing software and malware. Programs to avoid include:
Morpheus
Limewire
KaZaA
Grokster
Gnutella
Bearshare
WinMX
Blubster
XoloX Ultra
NeoNapster
Because typical file downloading and sharing programs are built to
bypass security features like the password you've set for
your computer, to work through fireswalls, and often to install "back
door" programs on your computer, there is little protection once you
have installed one of these programs.
Of course, if you just
download
authorized material, such as from the iTunes music store, or if,
for your own listening convenience, you rip CDs you own, you're
safe. The best way to avoid being sued is to not break
the law.
If you share files over "networks" like Limewire, KaZaA,
Grokster, or over chat protocols such as AIM and IRQ, you're letting
anyone see what you have to offer. The
Recording Industry Association of America (RIAA) and the Motion
Picture Association of America (MPAA) are up against too many people
sharing files to have humans scour the Internet for violators, so
they've written software robots to pose as members of the
"community." A robot will find your computer, make a list of
your unauthorized files, and determine your network
address.
That's all they need to file a complaint or a subpoena.
UVM does not monitor the content of online communication -- Web
browsing and publishing, email, file sharing, and chat -- on its
networks and servers. Generally, University policies
prohibit only:
UVM protects your privacy and your legal rights in accordance with laws like the Family Educational Rights and Privacy Act (FERPA) and the Digital Millennium Copyright Act (DMCA). But just as it's your responsibility to obey the law in using your computer and network connection, UVM must comply with legally valid complaints and subpoenas.
Here's what will happen after somebody like the RIAA finds unauthorized material on your computer:
In the above scenario, you'll find yourself a defendant in a lawsuit. Penalties are significant, and rise in proportion to the number of songs you were sharing. Defendants can even be required to cover the copyright holder's legal costs. Back at UVM, judicial or disciplinary action may follow.
Just kidding. Most people are conscientious about using
their computers in legal and ethical ways; for others, the consequences
can ruin one's whole day. For example:
Copyright complaint: If the RIAA
isn't ready to sue you,
they may file a complaint with UVM under the Digital Millennium
Copyright Act.
Copyright complaints are, unfortunately,
too common, and copyright
violations are by far the most frequent abuse of University networks
and servers. The University will continue to act when alleged
copyright infringements are reported in accordance with the DMCA and
FERPA.
Hacking: Any attempt at violating
system or network
security results in immediate disconnection, and is prosecuted
through both internal processes and the legal system.
Network performance: File trading and online games can
sometimes cause network performance problems.
- An attempt is made to identify and contact the user of the problem computer.
- Voluntary compliance is the norm -- most offenders don't realize they're causing any disruption.
The good news is that there are numerous legal ways to get music
online. In addition to the low-cost music download services
such as iTunes and
RHAPSODY, free music is out
there for legal downloading and listening -- one just has to find it.
Google
searches turn up numerous options, including the
Free
MP3 Music Player Downloads site and lists at
Music
United and the Electronic
Frontier Foundation.
Here are some sources of additional information about media
downloading, sharing, and your legal options.
Earlier UVM articles on this topic:
Disclaimer: This article should not be considered legal
advice.
-Dean Williams
August 27, 2003 (revised October 10, 2003)
ACS has provided technical know-how and expertise to the CTL since its inception back in 1999, and has assisted with CTL workshops and programs ever since. One of the most successful programs, known as "The Doctor is In", began in the Fall 2000 semester (see related article), and is still going strong.
The "Doctor is In" program at the Center for Teaching and Learning (See http://ctl.uvm.edu/doc_is_in.html and http://www.uvm.edu/~ctldoc) encourages faculty to experiment with new computer software or hardware without the disappointments and frustrations of learning on their own. The program offers custom-tailored support by instructional and information technology professionals with one-on-one tutorials on using technology to improve teaching effectiveness. This in-depth support goes one, two -- and oft times, many -- steps beyond the basic IT support offered by the CIT Helpline.
Faculty should continue to use the Helpline for their everyday "quick fix" problems, like, "Help! My printer won't print!" or, "How do I kill this virus!" But for in-depth questions, technology solutions, or major digital projects, come visit the Doctor! -Wesley Wright
Some of us have been confused about the various versions of plans currently (and recently) in progress. In an effort to clarify things, here is a quick summary of the planning processes:
Strategic Action Plan: This is a planning process every UVM unit will be conducting over the next few months. It involves defining "action steps" to be completed within this and the next fiscal years. While this timeframe is more consistent with tactical planning, each of these action steps must be aligned with the University's Strategic Goals and are therefore strategic. Unlike most past plans, the Strategic Action Plans will not be based upon lengthy narratives, but upon a set of objective actions to be completed supplemented by who is responsible, the relationship to (and plan for) resources, and assessment criteria. For further information, see the Strategic Action Plan on the President's Web page.
Budget Plans, Budget Documents & Budget Defense: These processes have not been conducted in several years and are being replaced by the Strategic Action Plans.
IBM Information Technology Assessment: This report was the result of a relatively brief IBM consulting engagement earlier this year. The IBM report recommendations will be given careful consideration as the University develops a strategic IT plan (below).
IT Master Plan (aka, Strategic IT Plan): This is a seperate planning effort that will establish principles and recommendations that will guide institutional IT for several years. Like the earlier Information Technology Task Force (ITTF) planning effort, it will examine how UVM uses, supports and organizes information technology. This planning effort is just getting underway. See the article below for more information.
Since this planning involves the entire institution and many aspects of IT, many people with a variety of backgrounds and expertise will be asked to participate. Certainly, IT planning incorporates much more than technical issues, and the appropriate constituencies and experts will need to be involved in the various aspects of planning. Technical matters will certainly be covered, but not to the exclusion of any consideration of the needs for ease of use, adequate service levels, efficiency, and meeting the strategic goals of the University.
Like the most recent strategic IT planning process (the 1998 IT Planning Taskforce), this process will be as open and collegial as possible. Among our most important tasks is and will be communication with the UVM community. We expect to include, and possibly expand, the communication channels applied in the earlier planning effort:
Among the first tasks will be to define the scope of the comprehensive IT planning. I have listed below some general topics that should be addressed. No doubt, the list will be revised and refined as the planning proceeds.
Teaching & Learning
- Course Management Systems
- Classroom Technology
- Student and faculty technology "literacy"
Information Technology Infrastructure
- Data Networks (campus, Internet & Internet2)
- Electronic mail (directories, spam, viruses, performance)
- Web servers (for departmental, organizational & individual websites)
- Voice (POTS, cell phones, voicemail, conferencing, etc.)
- Campus calendaring (standardization, adoption, education)
- File sharing, storage & backup
- Identity management (LDAP, Active Directory)
Administration
- Core business applications (SIS, FRS, HRS, etc.)
- Workflow and business office automation
- Self-service & disintermediation
Information Technology Support
- Helpline
- Distributed & Centralized Support Staff
- IT education & professional development
Standards & Technology Transition(s)
- Hardware and software versions - life-cycle planning
- Application standards and support
- Uniformity vs choice -- finding the right blend
- Phasing out obsolescent technology
- Supporting & simplifying transitions
Electronic Communications
- Web content & formatting
- Web services / Portal
- Conventions for accessing information
- Conventions for distributing information
Research Computing
- Researcher requirements
- Funding & cost recovery
- Leadership & oversight
Organizational effectiveness
- Principles guiding distribution of servers & applications
- Principles guiding distribution of management and support staff
Disaster Contingency Planning
- Disaster prevention
- Disaster recovery
- Business continuity
Information Security, Privacy & Confidentiality
- Legal requirements (HIPAA, FERPA,GLB. etc.)
- Network security (firewalls, vulnerability scanning, intrusion detection, etc.)
- Server & database security
- Individual responsibilities
As the strategic IT planning proceeds, the planning team will publish additional articles.
The IBM ThinkPad R40... better than last time. ~~ Reviewed by J Greg MacKinnon. ~~
It has been almost ten years since IBM ThinkPads were actively sold and distributed at UVM. Our parting with IBM systems was not a happy one at the time. ThinkPad computers consisted of mostly proprietary components. The case designs were interesting, but prone to breakage and difficult to service. When IBM could no longer meet UVM's microcomputer expectations, UVM selected Dell as our preferred PC vendor. Though UVM has since conducted regular market reviews and competitive bidding, Dell has continued to win most of UVM's PC business (though UVM has continued to offer IBM microcomputers).
It would be an understatement to say that a lot has changed since then. Dell revolutionized the industry through new manufacturing and delivery techniques, and through aggressive pricing practices. Gone are the days of high-priced proprietary systems: open systems sold with minimal markup are here to stay. The worst offenders from the proprietary-systems days are either our of business (Digital), or producing Dell-like open systems (HP, Compaq, and Gateway). It is quite rare now to find a PC that is anything other than an assemblage of "best of breed" (or sometimes, painfully, "cheapest of breed") components. The quality of a PC now is judged by the ability of the vendor to make all of those disparate components function smoothly together and to package them with bug-free productivity-enhancing software.
IBM returns to campus this fall, starting with the new ThinkPad R40. Detractors of the older ThinkPads will be happy to know that this notebook computer contains almost no IBM-manufactured parts. The chipset and networking components (which were IBM-manufactured on older model ThinkPads) are all made by Intel. The modem is by Lucent, the hard drive by Fujitsu, the display adapter by ATI, the audio chips by SoundMax, the track-pad mouse by Synaptics. All of the aforementioned manufacturers are leaders in their fields. About the only IBM-manufactured parts remaining are the power management chips, the infrared ports, and the case.
IBM has made some improvements in system layout as well. The hard drive, memory chips, and mini-PCI boards are all accessible though panels on the bottom of the notebook. As these are the most frequently updated or replaced components, service times should be reduced by quite a bit over earlier ThinkPads. Unfortunately, the motherboard of the system still is rather difficult to access, so more complicated repairs may be more challenging than on competing Dell notebooks.
The case esthetics are dated. The R40 is a plain black box and lacks any of the finer design finishes of this year's Dell, Apple, and Compaq notebooks. Still, some might find this "industrial chic" look appealing. The R40 is fairly compact and relatively light weight. Those accustomed to a Dell 800-series system will find the R40 refreshingly portable. From the outside, the R40 appears to be fairly well constructed. The keyboard has a solid response (for a notebook), although it lacks the familiar "Windows" and "menu" keys present on virtually all competing models. Making up for this a bit are the extra buttons for volume control, and the function key extensions to trigger wireless radio power, system standby, screen brightness, and a very handy keyboard light mounted above the screen. The touchpad/mouse is exceptionally well designed, which is a pleasant change from earlier ThinkPad models. I am finding the keyboard 'eraser-head' mouse quite usable. Since the R40 uses Intel's latest "Pentium-M" mobile processor, it also runs quieter and cooler than many current laptops. Unlike certain titanium-cased notebooks I could mention, it will not burn your skin when you are wearing shorts.
The screen has sturdy hinge which pivots back a full 180 degrees (useful for on-the-fly presentations). The lid release still employs the dual-catch levers which most vendors phased out over three years ago. This makes for a very secure closure, but limits your ability to open the PC when driving, holding a baby, or drinking a martini. Sadly, IBM has not kept up with LCD display technology. Most ThinkPads come with XGA displays (1024x768). Although fairly bright, these screens have a highly reflective surface, which creates rather bad glare under some conditions. The R40 is available with a 15" SXGA+ display (1280x1024) which is both brighter and somewhat more glare-resistant. I strongly suggest that this upgrade is well worth the few extra bucks.
The R40 is well equipped with an impressive number of interfaces. It sports two USB 2.0 ports, an IEEE 1394/Firewire port (a rarity on a system in this price range), headphone, mic, 100 Mbps Ethernet (no Gigabit), modem, one parallel (they still make these things?), one serial, two PCMCIA ports, and an SVideo jack. IBM made the wise decision of ditching the mostly-obsolete PS/2 port and has included no floppy drive (although one is available to swap with the optical drive).
In an attempt to distinguish the ThinkPad line from the competitors' offerings, IBM ships the ThinkPad with a raft of IBM-branded software. Software is present for configuring your wireless connections, power profiles, display settings, keyboard, and trackpad. There is software for burning CDs, playing DVDs, for managing your optical bay, and for backing up and maintaining your system. Many of these items are quite useful. The mouse software and power management utilities are very well crafted. However, some of these items leave something to be desired (IBM's "Record Now" CD writing software does not hold a candle to Roxio EZ-CD creator), and other pieces may be worse than having nothing at all. The network connection management software is not easy to configure with UVM's VPN software. Perhaps more shockingly, experimentation with the IBM "RapidRestore PC" backup software resulted in an un-bootable ThinkPad. I fail to see how buggy software enhances my computing experience. I would just as soon have fewer options with more stability.
One final complaint: Upon unpacking our new R40, we were dismayed to find no system restoration CDs. Thinking there must have been an error, we checked the packing slip; nope, no CDs included! The enclosed manual notes that a hidden partition is present on the ThinkPad which contains an emergency recovery program. When executed at boot time, this program will restore your PC to its original factory state. This sounds good on paper, but what happens when you go to upgrade your hard drive? What happens if your drive becomes damaged? IBM makes no easy allowances for these situations. They even did us the discourtesy of failing to include the Windows XP operating system CD. [One may call IBM at 800-772-2227 to request a restoration CD.]
All complaints aside, most users should be quite happy with the
R40. It is not a graphics power-house, nor is it a fashion accessory;
however, it is rugged system available at a low price, with a
respectable set of features. Just ignore some of the IBM software
"enhancements", and you should do well.
J. Greg
MacKinnon
ThinkPad R40 1.3 GHz Pentium M,
15"
Display, 512MB, 40 GB HD, CD-RW/DVD Combo Drive, Integrated NIC,
Integrated Modem, Wireless 802.11b Adapter, Windows XP Pro. 3 yr
warr. $1,486.00 -UVM
Depot
Q: What is the difference between a computer virus, a worm and a trojan horse?
A: A virus requires a transmission medium such as an email attachment, server file or otherwise shared program that carries the virus. Some early viruses were believed to have been started by Asian software providers to get revenge on software pirates.
Normally, the recipient must open the file to be infected. In some cases, because of software flaws (typically, but not always, in Windows), such files may be automatically opened (e.g. as part of an automatic "preview" window) by the receiving computer. Sobig.f is an example of a virus that is spread by infected email attachments.
A computer "worm" does not require such a transmission medium but acts directly on the the target computer via a computer connection or network. The Blaster worm is an example of an infection that spreads without the need for a file or for the victim to open an attachment. It spreads "spontaneously" over a computer network to vulnerable Windows systems.
A trojan horse is a program pretending to be something else, like a login screen or an Amazon order form. The idea is to trick the unsuspecting into providing secret information such as your password, bank account, credit card number or social security number.
Some "viruses" (which has become the generic term for these programs) use multiple strategies, blurring the difference between viruses, trojans and worms.
Further reading:
Q: Email from eBay is being marked as spam. What can I do?
A: For reasons unknown to us, eBay is doing things in their email that spammers typically do. This causes their email, even that specifically addressed to individuals, to receive a very high spam rating. We have alerted them, but in the meantime you can avoid having such messages go into your spam folder by white-listing *ebay.com. Server-based filtering and white-listing is described in the article on PureMessage in the summer issue of the UVM IT News and in the spam management section of the CIT Web site.
Q: I just received a message from admin@uvm.edu about my email expiring. It tells me to open the attachment, but there is nothing in the DELETED0.TXT attachment. I opened the file as directed, and it says:
File attachment: message.zip
The file attached to this email was removed because files of this type are not accepted for delivery by your email gateway.
Why send out messages with attachments that the email gateway removes???
A:The message is bogus. There is no admin@uvm.edu email address. Even if there were, we would not use an attachment for the message. The email was sent by a virus on someone's infected computer in an attempt to spread the mimaila virus. Fortunately, the virus screening gateway removed the original virus file (message.zip) and replaced it with a DELETED0.TXT file which briefly explains the removal of the original attachment. Anytime you get a message with DELETED0.TXT attached, you will know that the original email had a virus or prohibited file type attached. While we have blocked most attachment types that are the common carriers of viruses (exe.scr,etc.), zip files are not automatically removed since they could be any file type and are convenient for many users to send files. However, zip files are removed when they contain one of the file types commonly used to distribute viruses.
Note that the virus gateway can only protect you from viruses received at your uvm.edu email address. It cannot protect your computer from viruses received from other email systems such as Hotmail or Yahoo.
Have a question?
Send technical questions to helpline@uvm.edu.
Send questions and comments regarding IT policies, plans or priorities to
If you have a question or comment regarding this email newsletter or any article herein, send it to UVM-IT-News@uvm.edu. Answers of general interest will be posted to UVM-IT-News.
We will publish answers to questions of general interest on the Web and/or in future issues.
In order to avoid writing paralysis, we reserve the right to:
So please let us know if you think we have gotten something wrong, and we will publish corrections as appropriate. And we fully expect to change our minds from time to time as we learn and are influenced by the rapidly evolving world of information technology...
Last modified October 10 2003 11:30 AM
